Report - safkil.click/?email=rdaino@slurpmail.net

Report Overview

Visitedpublic

2025-07-23 13:15:46

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.megapolis.co.in	unknown	unknown	2025-07-23	2025-07-23	1.4 kB	83 kB	103.205.64.230
srv237410.hoster-test.ru	unknown	2008-12-30	2025-07-23	2025-07-23	968 B	15 kB	31.28.24.131
safkil.click	unknown	2025-06-23	2025-07-23	2025-07-23	517 B	13 kB	185.221.216.125

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net	EventHandler	9 B	2023-04-11	2025-08-02
URL srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net IP / ASN 31.28.24.131 #12616 Citytelecom LLC Introduced by EventHandler Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 2621 Size 9 B (9 bytes) MD5 8330d67045d053b17fa969ef2bdb5e54 SHA1 041174325b27a7b4d2d1b1a0e353fa82d1cb6431 SHA256 ceecf99c8bd1f6e5f89a26d3b40e009d48860d674231297254ff75d817b9a883 Format Code Loading...

	srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net	ScriptElement	106 B	2023-03-07	2025-08-01
URL srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net IP / ASN 31.28.24.131 #12616 Citytelecom LLC Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 37 Size 106 B (106 bytes) MD5 fbce4140def539f586b3ce0c232a61c7 SHA1 9cdbc69a8c5e182abc13d5a4ff4f617570e9a44f SHA256 942859d2b4bfc98a0d9f8b6e218adf9096f2064c7b18d1dee0a793f41e5262a0 Format Code Loading...

	srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net	ScriptElement	6.2 kB	2025-07-23	2025-07-23
URL srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net IP / ASN 31.28.24.131 #12616 Citytelecom LLC Introduced by ScriptElement Embedded true Resource Info First Seen 2025-07-23 Last Seen 2025-07-23 Times Seen 2 Size 6.2 kB (6184 bytes) MD5 153ea6084e023873dddc99a716909aad SHA1 b96e6d76a7dc477c68b029361278c7b7af174dba SHA256 7045e1e679864fbcf715c15e8a3abb5d1066f8e2fd4e5fb8d064a9137af19b70 Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	02832432d2c41b3b54935c6c8517aeb2	DocumentWrite	81 B	2023-03-07	2025-08-01
Introduced by DocumentWrite First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 595 Size 81 B (81 bytes) MD5 02832432d2c41b3b54935c6c8517aeb2 SHA1 88ee7006e448c0efa034d68f4a992ca22ab9ec4a SHA256 5ee5af17cb478a5fe5a8075109f67d37f9ae5c9b830cc1658b3e02b7ff296f0a Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET mail.megapolis.co.in/css/common,login,zhtml,skin.css?skin=serenity&v=140408125659

103.205.64.230

200 OK

50 kB

URL

mail.megapolis.co.in/css/common,login,zhtml,skin.css?skin=serenity&v=140408125659

IP / ASN

103.205.64.230

#17439 NTT COMMUNICATIONS INDIA NETWORK SERVICES PRIVATE LIMITED

Requested byhttp://srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net

Resource Info

File typeASCII text, with very long lines (751)

First Seen2025-07-23

Last Seen2025-07-23

Times Seen2

Size50 kB (49526 bytes)

MD56f3fe274fb096afec6c7faef7adbb586

SHA18dac07e754a65a0f26e54b740c8a3d8325f60724

SHA25694dad1986a31cc02795adc0fb406c25ddaad194eeaf86120c0dd6e9c287baf04

HTTP Headers

GET /css/common,login,zhtml,skin.css?skin=serenity&v=140408125659 HTTP/1.1
Host: mail.megapolis.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv237410.hoster-test.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2025 13:15:09 GMT
Expires: Wed, 30 Jul 2025 13:15:09 GMT
Cache-Control: public, max-age=604800
Content-Type: text/css
Content-Encoding: gzip
Vary: User-Agent, Accept-Encoding, User-Agent
Transfer-Encoding: chunked

GET mail.megapolis.co.in/skins/_base/logos/LoginBanner_white.png?v=140408125659

103.205.64.230

200 OK

13 kB

URL

mail.megapolis.co.in/skins/_base/logos/LoginBanner_white.png?v=140408125659

IP / ASN

103.205.64.230

#17439 NTT COMMUNICATIONS INDIA NETWORK SERVICES PRIVATE LIMITED

Requested byhttp://srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net

Resource Info

File typePNG image data, 163 x 36, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-08-01

Times Seen114

Size13 kB (12596 bytes)

MD59138ce3676131ea5cea60e69dfe03b68

SHA1ba741cf9fb2c880efd74046d8e4c3110a77aabfb

SHA256e9938d831d47476ba1bae2c1116bae70493e98b384cc14c15a5e348a38c01942

HTTP Headers

GET /skins/_base/logos/LoginBanner_white.png?v=140408125659 HTTP/1.1
Host: mail.megapolis.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.megapolis.co.in/css/common,login,zhtml,skin.css?skin=serenity&v=140408125659
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2025 13:15:10 GMT
Expires: Wed, 30 Jul 2025 13:15:10 GMT
Cache-Control: public, max-age=604800
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 12596
Last-Modified: Tue, 08 Apr 2014 17:38:10 GMT

GET mail.megapolis.co.in/skins/serenity/img/DecorationLogin.png?v=140408125659

103.205.64.230

200 OK

20 kB

URL

mail.megapolis.co.in/skins/serenity/img/DecorationLogin.png?v=140408125659

IP / ASN

103.205.64.230

#17439 NTT COMMUNICATIONS INDIA NETWORK SERVICES PRIVATE LIMITED

Requested byhttp://srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net

Resource Info

File typePNG image data, 500 x 100, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-08-01

Times Seen39

Size20 kB (19911 bytes)

MD5e8875bbc3b189e1d50cca7ae7a7e9680

SHA133365fb1aecb74874539b009b00f1195e2be2775

SHA25626e1cbd4a6605a397eb628e82503e98c1f36b0b14e554d8d87490696beac14a1

HTTP Headers

GET /skins/serenity/img/DecorationLogin.png?v=140408125659 HTTP/1.1
Host: mail.megapolis.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.megapolis.co.in/css/common,login,zhtml,skin.css?skin=serenity&v=140408125659
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2025 13:15:10 GMT
Expires: Wed, 30 Jul 2025 13:15:10 GMT
Cache-Control: public, max-age=604800
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 19911
Last-Modified: Tue, 08 Apr 2014 17:38:10 GMT

GET srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index_files/favicon.ico

31.28.24.131

200 OK

1.2 kB

URL

srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index_files/favicon.ico

IP / ASN

31.28.24.131

#12616 Citytelecom LLC

Requested byhttp://srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net

Resource Info

File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

First Seen2023-05-02

Last Seen2025-08-02

Times Seen2143

Size1.2 kB (1150 bytes)

MD58c7d1c14e4b9c42f07bd6b800d93b806

SHA187e49826ffb3bc1ddac38feebb6bb98eaef568b2

SHA2561afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /zimbra/zimbra/zimbra/zimbra/index_files/favicon.ico HTTP/1.1
Host: srv237410.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2025 13:15:10 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 22 Jul 2025 13:37:48 GMT
ETag: "2a6d2e9-47e-63a84b2b821af"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: image/vnd.microsoft.icon
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

GET safkil.click/?email=rdaino@slurpmail.net

185.221.216.125

301 Moved Permanently

13 kB

URL

safkil.click/?email=rdaino@slurpmail.net

IP / ASN

185.221.216.125

#393960 HOST4GEEKS-LLC

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605996

Size13 kB (12969 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectsafkil.click

Fingerprint81:E4:44:CC:33:3D:CC:30:2C:82:7A:B5:0E:4A:9D:4F:7D:ED:A3:76

ValiditySun, 13 Jul 2025 04:47:40 GMT - Sat, 11 Oct 2025 04:47:39 GMT

HTTP Headers

GET /?email=rdaino@slurpmail.net HTTP/1.1
Host: safkil.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 23 Jul 2025 13:15:08 GMT
Server: Apache
Location: http://srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net
Content-Length: 304
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net

31.28.24.131

200 OK

13 kB

URL

srv237410.hoster-test.ru/zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net

IP / ASN

31.28.24.131

#12616 Citytelecom LLC

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (400), with CRLF line terminators

First Seen2025-07-23

Last Seen2025-07-23

Times Seen2

Size13 kB (12969 bytes)

MD553f5cbc174cef84bcf2cf4fb677a2b73

SHA1e8dca76bb625c40c9c63e5641d9c16d144f686bf

SHA256f6cc0bf878981fc25dbd8d4d1c547c787b783657a1454874177f7462b76462fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /zimbra/zimbra/zimbra/zimbra/index.php?email=rdaino@slurpmail.net HTTP/1.1
Host: srv237410.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2025 13:15:08 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/7.1.33
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Transfer-Encoding: chunked
Connection: keep-alive